Getting started: Difference between revisions

From Barion Documentation
Line 20: Line 20:


==Payment process==
==Payment process==
#Shop initiates the payment by calling the <code>/Payment/Start</code> API and using POSKey for authentication, returning a Payment ID.
#Shop initiates the payment by calling the [[Payment-Start-v2|/Payment/Start]] API and using POSKey for authentication, returning a Payment ID.


#Shop records the transaction (at least the ID)
#Shop records the transaction


#Shop redirects the user to the payment UI, https://secure.barion.com/pay with the Payment ID. (https://secure.test.barion.com/pay in case of test server)
#Shop redirects the user to either of the two possible payment user interfaces:
##Responsive Web user interface
##Barion Mobile App, if installed (Available on Android and iOS platforms)


#The shopper completes the transaction
#The shopper completes the payment
##If the shopper has no Barion account, credit card data must be provided, and will be asked to register after payment
##If the customer has no Barion account, card data must be provided
##If the shopper has a Barion wallet (account) the log in and may choose to pay from their balance or using a stored or new card
##If the customer has a Barion wallet (account) the log in and may choose to pay using a card on file (or a new card) or alternatively from their Barion balance
##In case of a successful payment, the Barion server tries to call the Callback URL of the shop. Shop must call GetPaymentState, and should not trust the call alone, as the callback can be spoofed, while GetPaymentState cannot
 
#In case of a successful payment, the Barion server notifies the shop. Shop must call [[Payment-GetPaymentState-v2|/Payment/GetPaymentState]] to see if payment was successful or not.


#The user is redirected to the shop’s return URL
#The user is redirected to the shop’s return URL
#Shop must call GetPaymentState to see if payment was successful or not. https://api.barion.com/v2/Payment/GetPaymentState  (https://api.test.barion.com/v2/Payment/GetPaymentState in case of test server)


#Shop records the result of the transaction
#Shop records the result of the transaction
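
Review bot: the rewritten notification step (the line starting "#In case of a successful payment, the Barion server notifies the shop") loses the reason the old wording gave for the GetPaymentState call, namely that the shop "should not trust the call alone, as the callback can be spoofed, while GetPaymentState cannot". Suggest keeping that sentence in the new step, since without it an integrator may treat the notification itself as proof of payment. The revision also drops "at least the ID" from the record step and the live and test URLs for the pay page and GetPaymentState; if those now live on the linked pages, say so here. The retained wallet sub-step still reads "the log in", which should be "they log in".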

Revision as of 00:43, 7 February 2017

Getting started - overview of Barion payments

Time needed

Working with the Barion API is a no-brainer. The time required to integrate Barion can be as low as a few hours. Of course, the exact time required depends on your needs, your business expectations and several outside factors (system architecture, business process management and available resources). Most of the time, basic integration and testing are accomplished in a couple of days.

IMPORTANT
Don't try to save time by jumping directly to sample code. We know developers like to hack (we do, too), but a payment system requires discipline, so we advise you to read the docs thoroughly.

Multiple payments - feature overview

Barion is a provider of electronic payments. Our payment services include:

  • payment with debit and credit cards
  • payment with prepaid Barion wallet

We have several payment solutions, based on the above payment types:

  • Responsive Web Payment, which works in desktop and mobile browsers
  • Mobile App Payment, which works in native mobile apps in two scenarios:
    • If the Barion Mobile App is installed on the customer's device, a simple and quick payment works with the Barion Mobile App
    • If the Barion Mobile App is not installed on the customer's device, the Responsive Web Payment solves the payment
  • We also provide an experimental Mobile Proximity payment that is currently unavailable

Payment process

  1. Shop initiates the payment by calling the /Payment/Start API, using POSKey for authentication. The call returns a Payment ID.
  2. Shop records the transaction
  3. Shop redirects the user to either of the two possible payment user interfaces:
    1. Responsive Web user interface
    2. Barion Mobile App, if installed (Available on Android and iOS platforms)
  4. The shopper completes the payment
    1. If the customer has no Barion account, card data must be provided
    2. If the customer has a Barion wallet (account), they log in and may choose to pay using a card on file (or a new card) or alternatively from their Barion balance
  5. In case of a successful payment, the Barion server notifies the shop. Shop must call /Payment/GetPaymentState to see if payment was successful or not.
  6. The user is redirected to the shop’s return URL
  7. Shop records the result of the transaction
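
The notification and GetPaymentState steps above, sketched as an added example (not Barion's own code): the handler treats the notification only as a hint and settles the order from the server's answer. The query parameter names, the response fields `PaymentId`, `Status`, `Total` and `Currency`, the `Succeeded` value and the order store are assumptions not stated on this page; the fetcher also applies the TLS advice from the SSL section.

```python
import json
import ssl
import urllib.parse
import urllib.request

API = "https://api.barion.com/v2/Payment/GetPaymentState"  # live endpoint named in the docs

def tls_context():
    """Verify the server certificate and hostname; refuse anything below TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def fetch_state(pos_key, payment_id):
    """Ask Barion for the payment state (query parameter names are assumed)."""
    query = urllib.parse.urlencode({"POSKey": pos_key, "PaymentId": payment_id})
    with urllib.request.urlopen(f"{API}?{query}", context=tls_context(), timeout=10) as r:
        return json.load(r)

def handle_callback(payment_id, orders, fetch):
    """Settle an order from a notification without trusting the notification."""
    order = orders.get(payment_id)          # recorded by the shop after /Payment/Start
    if order is None:
        return "unknown-payment"            # an ID this shop never started: ignore it
    if order["paid"]:
        return "already-paid"               # replayed notification: no double fulfilment
    state = fetch(payment_id)               # authoritative answer, not the callback body
    # Response field names and the "Succeeded" value are assumptions.
    if state.get("PaymentId") != payment_id or state.get("Status") != "Succeeded":
        return "not-paid"
    if (state.get("Total"), state.get("Currency")) != (order["total"], order["currency"]):
        return "amount-mismatch"            # paid, but not what this order costs
    order["paid"] = True
    return "paid"

# Constructed sample data: two recorded orders and canned server replies.
ORDERS = {"pay-1": {"total": 4990, "currency": "HUF", "paid": False},
          "pay-2": {"total": 4990, "currency": "HUF", "paid": False}}
REPLIES = {"pay-1": {"PaymentId": "pay-1", "Status": "Succeeded", "Total": 4990, "Currency": "HUF"},
           "pay-2": {"PaymentId": "pay-2", "Status": "Canceled", "Total": 4990, "Currency": "HUF"}}

if __name__ == "__main__":
    for pid in ("pay-1", "pay-1", "pay-2", "pay-404"):
        print(pid, handle_callback(pid, ORDERS, REPLIES.get))
```

In production, pass `lambda pid: fetch_state(POS_KEY, pid)` as `fetch`; the canned replies stand in for the network so the logic runs offline.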

Extra services

We also provide extra services that can be combined with the above payment technologies:

  • Token payment for automatic payments, such as One Click or recurring payments
  • Sharing economy features, such as:
    • Payment to 3rd parties or C2C (Consumer to Consumer) payments
    • Deducting commission from C2C payments
    • Escrow services for C2C payments

Other services augmenting the above payments:

  • Refunding payments from GUI or API
  • Withdrawing funds to bank accounts from GUI or API
  • Free and real-time money sending between Barion accounts from GUI or API

Flow of funds

  • Guest payment with card – available for any card holder with a card capable of making VPOS payments. The debit or credit card is charged and the merchant's Barion account is topped up with the equivalent amount. No need for Barion registration or previous top-up.
  • Payment with card on file – available for any card holder with a card capable of making VPOS payments that previously registered with Barion and chose to store card data in their Barion wallet. The debit or credit card is charged and the merchant's Barion account is topped up with the equivalent amount. Card data is stored in a PCI DSS compliant card vault. No CVC is stored. No need for previous top-up.
  • Payment with prepaid Barion balance – available for any user that previously registered with Barion and has a balance in their Barion wallet. Money is transferred to the merchant's account. This payment does not involve cards. Customer wallets can be topped up via bank transfer.
  • Top up – available for all Barion users from a bank account. By wiring funds to Barion with a personal top-up code in the comment, Barion balance is topped up in the appropriate currency.
  • Withdrawal – available for all Barion users. Funds are transferred from a Barion wallet to any bank account via wire transfer.

Sandbox and live

Barion maintains a clone of the live Barion secure server as a sandbox or test server, where developers can experiment with their solutions. The sandbox works with "test" money instead of real money, so there is no risk in playing around. The sandbox is open; all you need to do is register and start playing. Don't forget to read the documentation though. For more information on differences between the live and sandbox servers, read Setting up the Sandbox environment and testing payments.

Skills and tools required

All you need is an intermediate level of web back-end development with the ability and tools to call a REST API. Although there are no specific competency or tool requirements, an up-to-date development environment and toolbox is essential. We balance compatibility and security when picking which latest technology to use. For more information read Calling the Barion API.

Supported currencies

  • HUF (Hungarian Forint)
  • EUR (Euro)
  • USD (U.S. Dollar)

To use the Barion Smart Gateway and the Barion API in a given currency, you must have an active account with that currency.

SSL

Barion servers use the https:// protocol to communicate. We advise using a REST library that can verify the identity of our server when calling the Barion API. Always use TLS 1.2, as our support for earlier versions will be discontinued in 2017.

For more information on differences in SSL certificates on the live and sandbox servers, read Setting up the Sandbox environment and testing payments.

PCI DSS certification

Barion is PCI DSS certified. Since you, as a merchant, do not handle cardholder data, PCI DSS certification for merchants using Barion payment is not mandatory. The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards. If you handle credit cards, even if temporarily, PCI DSS certification is mandatory.

For more information read Legal and accounting information.

Going live

When your payment solution is working properly in the sandbox, you are ready to go live. Using the live server requires a real contract and an approved shop, so prepare in advance. Read the Going live guide thoroughly and follow the instructions before going live.

Requirement for Smart Package

Please follow the Barion Logo Guidelines and place the appropriate logo on your page. Our experience shows that it is important to show customers that they can pay with Barion on your web site. We also think that keeping the logo consistent across all Barion merchants helps the entire Barion community. Using the logo is a requirement for all Barion price packages; omitting it results in rejecting live shops.

If you choose the Clever, Smart or Genius price package, you have to provide us with detailed cart content. Use the Item structure within the Items[] property of the PaymentTransaction structure of the Transactions property of the /Payment/Start API endpoint to pass data. The customers will see the cart content during payment and later in their Barion wallet history.

When providing cart content, please follow the guidelines below:

  • Use real product names; generics such as "product" or "drink" will not work. Follow these examples:
    • Canon IXUS 110 Compact Digital Camera
    • Heineken lager 5L party barrel
  • Provide all items in one collection
  • Use all fields of the Item structure
  • You may add discounts as a separate item; subtotals are not checked, so you can use negative prices
  • You may add packaging or shipping cost as a separate item
  • Provide a link to the image of the product if available; we will use it later for enhancing the payment UX

Limitations

Currently we do not allow placing the payment GUI in an <iframe> or similar solution, for security reasons.